All features are anonymous.
As done at Camptocamp since 2016
Various options:
camptocamp/puppetserver
puppetdb
name resolves
Two options:
single node:
camptocamp/r10k-githook
(sshd with a Git hook)
cluster of nodes:
camptocamp/r10k
(using MCollective) + camptocamp/r10k-webhook
(webhook to trigger r10k over MCollective)
camptocamp/puppetdb
camptocamp/puppetboard
camptocamp/puppet-catalog-diff
and
camptocamp/puppet-catalog-diff-viewer
docker-puppetboard:
require "serverspec"
require "docker"
# Builds an image from the Dockerfile in the current directory and runs the
# nested serverspec examples against a container created from that image.
describe "Dockerfile" do
before(:all) do
# See https://github.com/swipely/docker-api/issues/106
# Both Excon timeouts are raised before the build starts; presumably this is
# the workaround discussed in the issue linked above.
Excon.defaults[:write_timeout] = 1000
Excon.defaults[:read_timeout] = 1000
# The image under test is whatever the local checkout builds, not a pulled tag.
image = Docker::Image.build_from_dir('.')
set :os, family: :debian
set :backend, :docker
set :docker_image, image.id
# NOTE(review): "Privileged" => true creates the test container with Docker's
# privileged mode, which removes most of the isolation between the container
# and the CI host. The only example below is a file check, which should not
# need it. Confirm whether anything depends on it and drop the option if not.
set :docker_container_create_options, { "Privileged" => true }
end
# The application entry point must exist in the built image.
describe file('/app/puppetboard/app.py') do
it { is_expected.to be_file }
end
end
Testing files and commands:
# Examples for the puppetserver image: the configuration file exists, the
# agent is a 4.x release, the eyaml/GPG gems are installed, strict_variables
# is on, and certificate autosigning is delegated to /check_csr.rb.
describe file('/etc/puppetlabs/puppet/puppet.conf') do
it { is_expected.to be_file }
end
describe command('/opt/puppetlabs/bin/puppet -V') do
its(:exit_status) { is_expected.to eq 0 }
# NOTE(review): the "." between the last two \d+ groups is unescaped, so it
# matches any character, and ^/$ anchor per line rather than the whole
# string. /\A4\.\d+\.\d+\n\z/ would pin the output exactly. The pattern is
# left as written so that it matches the recorded rspec output.
its(:stdout) { is_expected.to match(/^4\.\d+.\d+\n$/) }
end
# Presumably these gems back hiera-eyaml's GPG decryption of secrets; the
# check only asserts that both names appear in the gem list.
describe command('/opt/puppetlabs/bin/puppetserver gem list') do
its(:exit_status) { is_expected.to eq 0 }
its(:stdout) { is_expected.to match(/\bruby_gpg\b/) }
its(:stdout) { is_expected.to match(/\bhiera-eyaml-gpg\b/) }
end
describe command('/opt/puppetlabs/bin/puppet master --configprint strict_variables') do
its(:exit_status) { is_expected.to eq 0 }
its(:stdout) { is_expected.to eq("true\n") }
end
# NOTE(review): /check_csr.rb decides which certificate requests are signed
# automatically (see the autosign check below). This example only asserts
# that the file exists. Consider also asserting be_executable and its
# owner/mode, and testing the script's accept/reject behaviour separately.
describe file('/check_csr.rb') do
it { is_expected.to be_file }
end
# Guards against the image silently falling back to another autosign setting:
# the effective value must be the policy executable, nothing broader.
describe command('/opt/puppetlabs/bin/puppet master --configprint autosign') do
its(:exit_status) { is_expected.to eq 0 }
its(:stdout) { is_expected.to eq("/check_csr.rb\n") }
end
$ bundle exec rspec -fd
Dockerfile
File "/etc/puppetlabs/puppet/puppet.conf"
should be file
Command "/opt/puppetlabs/bin/puppet -V"
exit_status
should eq 0
stdout
should match /^4\.\d+.\d+\n$/
Command "/opt/puppetlabs/bin/puppetserver gem list"
exit_status
should eq 0
stdout
should match /\bruby_gpg\b/
stdout
should match /\bhiera-eyaml-gpg\b/
Command "/opt/puppetlabs/bin/puppet master --configprint strict_variables"
exit_status
should eq 0
stdout
should eq "true\n"
File "/check_csr.rb"
should be file
Command "/opt/puppetlabs/bin/puppet master --configprint autosign"
exit_status
should eq 0
stdout
should eq "/check_csr.rb\n"
Finished in 20.99 seconds (files took 0.39334 seconds to load)
11 examples, 0 failures
---
# CI pipeline for one image repository: build, run the serverspec suite, then
# publish.
language: ruby
# NOTE(review): the job runs with sudo and the Docker service enabled, and the
# spec creates a privileged container, so treat the CI worker as fully exposed
# to whatever the Dockerfile and its base image execute.
sudo: required
services: docker
cache: bundler
script:
# .build.sh is not shown here; presumably it builds the image that rspec tests.
- ./.build.sh
- bundle exec rspec -fd
# after_success runs only when the script phase passed, so publishing is gated
# on the specs.
after_success:
# NOTE(review): .publish.sh is not shown; presumably it pushes to a registry.
# Confirm that its credentials are encrypted CI variables that are not
# available to builds of pull requests from forks.
- ./.publish.sh
# Named volumes shared between the services defined below.
volumes:
datacode: {}
datagit: {}
datar10kcache: {}
datapostgresql: {}
---
version: "2"
services:
puppetmaster:
image: 'camptocamp/puppetserver:2.7.2-5'
environment:
JAVA_ARGS: '-Xmx2g -Xms2g -XX:MaxPermSize=256m -XX:OnOutOfMemoryError="kill -9 %p" -Djava.security.egd=/dev/urandom'
# NOTE(review): the autosign pre-shared key is written inline. Presumably the
# image's autosign policy accepts CSRs that carry this value, which makes it a
# credential for joining the Puppet infrastructure. Confirm, and load it from
# an env file or secret store that is kept out of version control.
AUTOSIGN_PSK: 'HelloGhent'
hostname: 'master.c2c'
ports:
# Publishes the Puppet server port on every host interface; bind it to a
# specific address or firewall it if agents only come from known networks.
- '8140:8140'
volumes:
# NOTE(review): ./puppetca is mounted as the server's ssl directory and, per the
# puppetdb mounts below, contains private keys. Keep it out of the repository
# and restrict its permissions on the host.
- './puppetca:/etc/puppetlabs/puppet/ssl'
volumes_from:
- 'r10k'
r10k:
image: 'camptocamp/r10k-githook:2.5.2-3'
ports:
# sshd for Git pushes is published on host port 2222.
- '2222:22'
volumes:
- 'datacode:/etc/puppetlabs/code/environments/'
- 'datagit:/srv/puppetmaster.git/'
- 'datar10kcache:/opt/puppetlabs/r10k/cache/'
# Read-only mount: the container cannot alter which keys may push code.
- './authorized_keys:/opt/puppetlabs/r10k/.ssh/authorized_keys:ro'
# Optional, browse code
cgit:
# NOTE(review): unlike the other services, this image has no tag, so it
# resolves to whatever "latest" is at pull time; pin a tag or digest.
image: 'oems/cgit'
ports:
# NOTE(review): this publishes a browsable copy of the control repository on
# port 8022 with no authentication shown here; confirm who can reach it.
- '8022:80'
volumes:
- 'datagit:/mnt/git/puppetmaster.git:ro'
postgresql:
image: 'postgres:9.4'
environment:
POSTGRES_USER: 'puppetdb'
# NOTE(review): the password equals the user name and is stored inline. No port
# is published for this service here, but replace it outside a demo anyway.
POSTGRES_PASSWORD: 'puppetdb'
volumes:
- 'datapostgresql:/var/lib/postgresql/data/'
puppetdb:
image: 'camptocamp/puppetdb:4.3.2-1'
environment:
# NOTE(review): presumably this enables PuppetDB's cleartext HTTP listener
# (TODO confirm against the image). No port is published for this service, so
# it should stay reachable only from the other containers.
ENABLE_HTTP: 'true'
JAVA_ARGS: '-Xmx512m -Xms512m -XX:OnOutOfMemoryError="kill -9 %p" -Djava.security.egd=/dev/urandom'
links:
- 'postgresql'
volumes:
- './puppetca/certs/ca.pem:/etc/puppetlabs/puppetdb/ssl/ca.pem:ro'
# NOTE(review): the private key and certificate are mounted read-write while the
# CA certificate is read-only. Add ":ro" unless the container has to modify
# them (the image may adjust ownership at start; verify).
- './puppetca/private_keys/puppetdb.pem:/etc/puppetlabs/puppetdb/ssl/private.pem'
- './puppetca/certs/puppetdb.pem:/etc/puppetlabs/puppetdb/ssl/public.pem'
puppetboard:
image: 'camptocamp/puppetboard:0.2.2-gitdf91583-1'
environment:
PUPPETBOARD_SETTINGS: "/app/settings.py"
command: '--mount-point / wsgi.py'
ports:
# NOTE(review): the dashboard is published over plain HTTP on port 80 with no
# authentication configured in this file; put it behind an authenticating
# reverse proxy if node data must not be readable by everyone on the network.
- '80:80'
# Deploys the "puppet" catalog entry as a Rancher stack; all configuration,
# including key material, is passed through the environment map.
resource "rancher_stack" "puppet" {
name = "puppet"
environment_id = "a123"
catalog_id = "camptocamp:puppet:165"
start_on_create = true
finish_upgrade = true
depends_on = ["rancher_stack.postgres-cluster"]
# NOTE(review): every value in this map, including the contents read with
# file(), is stored in plain text in the Terraform state. Keep the state in an
# encrypted backend with restricted access. Inline literals (AUTOSIGN_PSK,
# PUPPETDB_POSTGRES_PASSWORD, STOMP_PASSWORD, WEBHOOK_SECRET) also end up in
# version control; pass them in as variables, as the "<gh_token>" placeholder
# for GITHUB_TOKEN suggests.
environment {
"ACTIVEMQ_DNS_ALT_NAMES" = "activemq.example.com"
"AUTH_CONF_ALLOW_CATALOG" = "catalog_diff"
"AUTOSIGN_PSK" = "HelloGhentPSK"
"CA_CRT" = "${file("puppet/ca.crt")}"
"CA_DNS_ALT_NAMES" = "puppetca,puppetca.example.com"
# The CA private key: whoever can read it can issue certificates trusted by
# every node, so the puppet/ directory must stay out of the repository.
"CA_KEY" = "${file("puppet/ca.key")}"
"DB_DNS_ALT_NAMES" = "puppetdb,puppetdb.example.com"
"DNS_ALT_NAMES" = "puppet,puppet.example.com"
"GITHUB_ORG" = "camptocamp"
"GITHUB_TEAM" = "infrateam"
"GITHUB_TOKEN" = "<gh_token>"
"GPG_KEY" = "${file("puppet/gpg_key.asc")}"
"MCOLLECTIVE_SERVER_KEY" = "${file("puppet/mcollective_server.key")}"
"PUPPETBOARD_TAG" = "0.2.0-1"
"PUPPETCA_JAVA_ARGS" = "-XX:OnOutOfMemoryError=\"kill -9 %p\" -Djava.security.egd=/dev/urandom -Xmx2g -Xms2g -XX:MaxPermSize=256m"
"PUPPETDB_JAVA_ARGS" = "-XX:OnOutOfMemoryError=\"kill -9 %p\" -Djava.security.egd=/dev/urandom -Xmx1g"
"PUPPETDB_POSTGRES_PASSWORD" = "PostgresGhentPass"
"PUPPETDB_POSTGRES_RO_SUBNAME" = "//postgresql:5433/puppetdb"
"PUPPETDB_POSTGRES_SERVICE" = "postgres-cluster/lb"
"PUPPETDB_POSTGRES_USER" = "puppetdb"
"PUPPET_JAVA_ARGS" = "-XX:OnOutOfMemoryError=\"kill -9 %p\" -Djava.security.egd=/dev/urandom -Xmx4g -Xms4g -XX:MaxPermSize=256m"
"R10K_REMOTE" = "ssh://git@git.example.com/infra/control-repo.git"
# Deploy key for the control repository; scope it read-only on the Git server.
"RSA_PRIVATE_KEY" = "${file("puppet/r10k_rsa.key")}"
"STOMP_PASSWORD" = "StompGhentPass"
"WEBHOOK_SECRET" = "WebhookGhentSec"
}
}
Charts take advantage of ImageStreams, ConfigMaps & Secrets (among others)